Security analysis of the IEEE 802.15.6 standard

A wireless body area network WBAN consists of low-power devices that are capable of sensing, processing, and wireless communication. WBANs can be used in many applications such as military, ubiquitous health care, entertainment, and sport. The IEEE Std 802.15.6-2012 is the latest international standard for WBAN. In this paper, we scrutinize the security structure of the IEEE 802.15.6-2012 standard and perform a security analysis on the cryptographic protocols in the standard. We show that some protocols have subtle security problems and are vulnerable to different attacks. Such vulnerabilities neutralize the security provisions in the standard specifically for medical applications that deal with sensitive information and security problems can be life-threatening. Copyright © 2016 John Wiley & Sons, Ltd.

[1]  Ming Li,et al.  Data security and privacy in wireless body area networks , 2010, IEEE Wireless Communications.

[2]  Mohsen Toorani Cryptanalysis of Two PAKE Protocols for Body Area Networks and Smart Environments , 2015, Int. J. Netw. Secur..

[3]  Juan E. Tapiador,et al.  Security and privacy issues in implantable medical devices: A comprehensive survey , 2015, J. Biomed. Informatics.

[4]  Mohsen Toorani,et al.  LPKI - A lightweight public key Infrastructure for the mobile environments , 2008, 2008 11th IEEE Singapore International Conference on Communication Systems.

[5]  Mohsen Toorani Cryptanalysis of a new protocol of wide use for email with perfect forward secrecy , 2015, Secur. Commun. Networks.

[6]  Mohammad Abdur Razzaque,et al.  Security and Privacy in Wireless Body Area Networks for Health Care Applications , 2013, Wireless Networks and Security.

[7]  Mihir Bellare,et al.  Entity Authentication and Key Distribution , 1993, CRYPTO.

[8]  Mohsen Toorani,et al.  A directly public verifiable signcryption scheme based on elliptic curves , 2009, 2009 IEEE Symposium on Computers and Communications.

[9]  Mohsen Toorani On Continuous After-the-Fact Leakage-Resilient Key Exchange , 2014, IACR Cryptol. ePrint Arch..

[10]  Mohsen Toorani,et al.  Cryptanalysis of an efficient signcryption scheme with forward secrecy based on elliptic curve , 2008, 2008 International Conference on Computer and Electrical Engineering.

[11]  Mohsen Toorani,et al.  Solutions to the GSM Security Weaknesses , 2008, 2008 The Second International Conference on Next Generation Mobile Applications, Services, and Technologies.

[12]  Abbas Jamalipour,et al.  Wireless Body Area Networks: A Survey , 2014, IEEE Communications Surveys & Tutorials.

[13]  Athanasios V. Vasilakos,et al.  Body Area Networks: A Survey , 2010, Mob. Networks Appl..

[14]  Alfred Menezes,et al.  Guide to Elliptic Curve Cryptography , 2004, Springer Professional Computing.

[15]  Cas J. F. Cremers,et al.  Beyond eCK: perfect forward secrecy under actor compromise and ephemeral-key reveal , 2015, Des. Codes Cryptogr..

[16]  Mohsen Toorani On Vulnerabilities of the Security Association in the IEEE 802.15.6 Standard , 2015, Financial Cryptography Workshops.

[17]  Hugo Krawczyk,et al.  Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels , 2001, EUROCRYPT.

[18]  Mohsen Toorani,et al.  Cryptanalysis of an Elliptic Curve-based Signcryption Scheme , 2010, Int. J. Netw. Secur..

[19]  Kyung Sup Kwak,et al.  Security and Privacy Issues in Wireless Sensor Networks for Healthcare Applications , 2010, Journal of Medical Systems.

[20]  Mihir Bellare,et al.  Authenticated Key Exchange Secure against Dictionary Attacks , 2000, EUROCRYPT.

[21]  Mohsen Toorani,et al.  An Elliptic Curve-based Signcryption Scheme with Forward Secrecy , 2009, ArXiv.

[22]  Mohsen Toorani,et al.  SMEmail - A New Protocol for the Secure E-mail in Mobile Environments , 2008, 2008 Australasian Telecommunication Networks and Applications Conference.

[23]  Victor Shoup,et al.  On Formal Models for Secure Key Exchange , 1999, IACR Cryptol. ePrint Arch..

[24]  Kristin E. Lauter,et al.  Stronger Security of Authenticated Key Exchange , 2006, ProvSec.

[25]  K. S. Deepak,et al.  Improving energy efficiency of incremental relay based cooperative communications in wireless body area networks , 2015, Int. J. Commun. Syst..

[26]  Mohsen Toorani Cryptanalysis of a robust key agreement based on public key authentication , 2016, Secur. Commun. Networks.

[27]  Hugo Krawczyk,et al.  HMQV: A High-Performance Secure Diffie-Hellman Protocol , 2005, CRYPTO.

[28]  Kevin Fu,et al.  Pacemakers and Implantable Cardiac Defibrillators: Software Radio Attacks and Zero-Power Defenses , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).

[29]  Anandarup Mukherjee,et al.  Design and implementation analysis of a public key infrastructure-enabled security framework for ZigBee sensor networks , 2016, Int. J. Commun. Syst..

[30]  Ingrid Moerman,et al.  A survey on wireless body area networks , 2011, Wirel. Networks.

[31]  Jin-Meng Ho,et al.  A versatile suite of strong authenticated key agreement protocols for body area networks , 2012, 2012 8th International Wireless Communications and Mobile Computing Conference (IWCMC).

[32]  Sarvar Patel,et al.  Provably Secure Password-Authenticated Key Exchange Using Diffie-Hellman , 2000, EUROCRYPT.